Commit 59d0eec5 authored by Rusty Russell's avatar Rusty Russell Committed by David S. Miller

[NETFILTER]: Make nat helper modules use symbols to force conntrack modules.

NAT helpers almost always require the matching conntrack helper to
work at all: this should be forced at load time, rather than at
runtime (which only works via kmod, and is icky).  Convenient macros
allow this.
parent 21cae4ab
...@@ -7,6 +7,7 @@ ...@@ -7,6 +7,7 @@
#include <linux/config.h> #include <linux/config.h>
#include <linux/netfilter_ipv4/ip_conntrack_tuple.h> #include <linux/netfilter_ipv4/ip_conntrack_tuple.h>
#include <linux/bitops.h> #include <linux/bitops.h>
#include <linux/compiler.h>
#include <asm/atomic.h> #include <asm/atomic.h>
enum ip_conntrack_info enum ip_conntrack_info
...@@ -266,5 +267,16 @@ static inline int is_confirmed(struct ip_conntrack *ct) ...@@ -266,5 +267,16 @@ static inline int is_confirmed(struct ip_conntrack *ct)
} }
extern unsigned int ip_conntrack_htable_size; extern unsigned int ip_conntrack_htable_size;
/* eg. PROVIDES_CONNTRACK(ftp); */
#define PROVIDES_CONNTRACK(name) \
int needs_ip_conntrack_##name; \
EXPORT_SYMBOL(needs_ip_conntrack_##name)
/*. eg. NEEDS_CONNTRACK(ftp); */
#define NEEDS_CONNTRACK(name) \
extern int needs_ip_conntrack_##name; \
static int *need_ip_conntrack_##name __attribute_used__ = &needs_ip_conntrack_##name
#endif /* __KERNEL__ */ #endif /* __KERNEL__ */
#endif /* _IP_CONNTRACK_H */ #endif /* _IP_CONNTRACK_H */
...@@ -3,14 +3,13 @@ ...@@ -3,14 +3,13 @@
/* NAT protocol helper routines. */ /* NAT protocol helper routines. */
#include <linux/netfilter_ipv4/ip_conntrack.h> #include <linux/netfilter_ipv4/ip_conntrack.h>
#include <linux/module.h>
struct sk_buff; struct sk_buff;
/* Flags */ /* Flags */
/* NAT helper must be called on every packet (for TCP) */ /* NAT helper must be called on every packet (for TCP) */
#define IP_NAT_HELPER_F_ALWAYS 0x01 #define IP_NAT_HELPER_F_ALWAYS 0x01
/* Standalone NAT helper, without a conntrack part */
#define IP_NAT_HELPER_F_STANDALONE 0x02
struct ip_nat_helper struct ip_nat_helper
{ {
......
...@@ -207,6 +207,7 @@ static int __init init(void) ...@@ -207,6 +207,7 @@ static int __init init(void)
return 0; return 0;
} }
PROVIDES_CONNTRACK(amanda);
EXPORT_SYMBOL(ip_amanda_lock); EXPORT_SYMBOL(ip_amanda_lock);
module_init(init); module_init(init);
......
...@@ -437,6 +437,7 @@ static int __init init(void) ...@@ -437,6 +437,7 @@ static int __init init(void)
return 0; return 0;
} }
PROVIDES_CONNTRACK(ftp);
EXPORT_SYMBOL(ip_ftp_lock); EXPORT_SYMBOL(ip_ftp_lock);
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
......
...@@ -289,6 +289,7 @@ static void fini(void) ...@@ -289,6 +289,7 @@ static void fini(void)
} }
} }
PROVIDES_CONNTRACK(irc);
EXPORT_SYMBOL(ip_irc_lock); EXPORT_SYMBOL(ip_irc_lock);
module_init(init); module_init(init);
......
...@@ -130,5 +130,7 @@ static int __init init(void) ...@@ -130,5 +130,7 @@ static int __init init(void)
return(0); return(0);
} }
PROVIDES_CONNTRACK(tftp);
module_init(init); module_init(init);
module_exit(fini); module_exit(fini);
...@@ -221,6 +221,6 @@ static int __init init(void) ...@@ -221,6 +221,6 @@ static int __init init(void)
return ret; return ret;
} }
NEEDS_CONNTRACK(amanda);
module_init(init); module_init(init);
module_exit(fini); module_exit(fini);
...@@ -341,6 +341,8 @@ static int __init init(void) ...@@ -341,6 +341,8 @@ static int __init init(void)
return ret; return ret;
} }
NEEDS_CONNTRACK(ftp);
module_init(init); module_init(init);
module_exit(fini); module_exit(fini);
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
...@@ -404,44 +404,6 @@ int ip_nat_helper_register(struct ip_nat_helper *me) ...@@ -404,44 +404,6 @@ int ip_nat_helper_register(struct ip_nat_helper *me)
{ {
int ret = 0; int ret = 0;
if (me->me && !(me->flags & IP_NAT_HELPER_F_STANDALONE)) {
struct ip_conntrack_helper *ct_helper;
if ((ct_helper = ip_ct_find_helper(&me->tuple))) {
if (!try_module_get(ct_helper->me))
return -EBUSY;
} else {
/* We are a NAT helper for protocol X. If we need
* respective conntrack helper for protoccol X, compute
* conntrack helper name and try to load module */
char name[MODULE_NAME_LEN];
const char *tmp = module_name(me->me);
if (strlen(tmp) + 6 > MODULE_NAME_LEN) {
printk("%s: unable to "
"compute conntrack helper name "
"from %s\n", __FUNCTION__, tmp);
return -EBUSY;
}
tmp += 6;
sprintf(name, "ip_conntrack%s", tmp);
#ifdef CONFIG_KMOD
if (!request_module("ip_conntrack%s", tmp)
&& (ct_helper = ip_ct_find_helper(&me->tuple))) {
if (!try_module_get(ct_helper->me))
return -EBUSY;
} else {
printk("unable to load module %s\n", name);
return -EBUSY;
}
#else
printk("unable to load module %s automatically "
"because kernel was compiled without kernel "
"module loader support\n", name);
return -EBUSY;
#endif
}
}
WRITE_LOCK(&ip_nat_lock); WRITE_LOCK(&ip_nat_lock);
if (LIST_FIND(&helpers, helper_cmp, struct ip_nat_helper *,&me->tuple)) if (LIST_FIND(&helpers, helper_cmp, struct ip_nat_helper *,&me->tuple))
ret = -EBUSY; ret = -EBUSY;
...@@ -484,19 +446,4 @@ void ip_nat_helper_unregister(struct ip_nat_helper *me) ...@@ -484,19 +446,4 @@ void ip_nat_helper_unregister(struct ip_nat_helper *me)
which is just a long-winded way of making things which is just a long-winded way of making things
worse. --RR */ worse. --RR */
ip_ct_selective_cleanup(kill_helper, me); ip_ct_selective_cleanup(kill_helper, me);
/* If we are no standalone NAT helper, we need to decrement usage count
* on our conntrack helper */
if (me->me && !(me->flags & IP_NAT_HELPER_F_STANDALONE)) {
struct ip_conntrack_helper *ct_helper;
if ((ct_helper = ip_ct_find_helper(&me->tuple)))
module_put(ct_helper->me);
#ifdef CONFIG_MODULES
else
printk("%s: unable to decrement usage count"
" of conntrack helper %s\n",
__FUNCTION__, me->me->name);
#endif
}
} }
...@@ -279,6 +279,7 @@ static int __init init(void) ...@@ -279,6 +279,7 @@ static int __init init(void)
return ret; return ret;
} }
NEEDS_CONNTRACK(irc);
module_init(init); module_init(init);
module_exit(fini); module_exit(fini);
...@@ -1306,7 +1306,7 @@ static unsigned int nat_help(struct ip_conntrack *ct, ...@@ -1306,7 +1306,7 @@ static unsigned int nat_help(struct ip_conntrack *ct,
static struct ip_nat_helper snmp = { static struct ip_nat_helper snmp = {
{ NULL, NULL }, { NULL, NULL },
"snmp", "snmp",
IP_NAT_HELPER_F_STANDALONE, 0,
THIS_MODULE, THIS_MODULE,
{ { 0, { __constant_htons(SNMP_PORT) } }, { { 0, { __constant_htons(SNMP_PORT) } },
{ 0, { 0 }, IPPROTO_UDP } }, { 0, { 0 }, IPPROTO_UDP } },
...@@ -1317,7 +1317,7 @@ static struct ip_nat_helper snmp = { ...@@ -1317,7 +1317,7 @@ static struct ip_nat_helper snmp = {
static struct ip_nat_helper snmp_trap = { static struct ip_nat_helper snmp_trap = {
{ NULL, NULL }, { NULL, NULL },
"snmp_trap", "snmp_trap",
IP_NAT_HELPER_F_STANDALONE, 0,
THIS_MODULE, THIS_MODULE,
{ { 0, { __constant_htons(SNMP_TRAP_PORT) } }, { { 0, { __constant_htons(SNMP_TRAP_PORT) } },
{ 0, { 0 }, IPPROTO_UDP } }, { 0, { 0 }, IPPROTO_UDP } },
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment